CVE-2007-2217: Code Injection
First published: Tue Oct 09 2007(Updated: )
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows Server 2003 | =sp1 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Kodak Image Viewer |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA07-282A.html
- http://www.kb.cert.org/vuls/id/180345
- http://www.securityfocus.com/bid/25909
- http://securitytracker.com/id?1018784
- http://secunia.com/advisories/27092
- http://www.vupen.com/english/advisories/2007/3435
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36799
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481
- https://www.exploit-db.com/exploits/4584
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055
- http://www.securityfocus.com/archive/1/482366/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-2217?
CVE-2007-2217 has been classified with high severity due to its potential to allow remote code execution.
How do I fix CVE-2007-2217?
To mitigate CVE-2007-2217, users should update their Kodak Image Viewer or disable the handling of TIFF files in the affected operating systems.
Which systems are affected by CVE-2007-2217?
CVE-2007-2217 affects systems running Kodak Image Viewer on Microsoft Windows 2000 SP4, Windows XP SP2, and Windows Server 2003 SP1 and SP2.
What type of attack does CVE-2007-2217 represent?
CVE-2007-2217 represents a remote code execution vulnerability triggered by malformed TIFF images.
What is the nature of the vulnerability in CVE-2007-2217?
The vulnerability in CVE-2007-2217 is due to memory corruption caused by processing crafted image files.
- collector/nvd-historical
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp1
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- vendor/kodak
- canonical/kodak image viewer